CEH Exam 10-12

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?

Buffer overflow

What method might you use to successfully get malware onto a mobile device?

Using a third-party app store

What tool could you use to clone a website?

wget

What would a signal range for a Bluetooth 4.0 device commonly be?

300 ft.

Your organization is planning to add wireless nodes to an existing LAN that has a potential throughput of 54 Mbps. Which of the following will your organization use?

802.11a

Which Wi-Fi standard has a radio band of 2.4 and 5 GHz and a speed of 100 Mbps?

802.11n

John works as a network administrator at Infosoft Inc. He suspects that malware is attempting a buffer overflow attack in a kernel module. Which of the following techniques will John use to protect against the attack?

ASLR

You are evaluating the security of your organization's wireless network and found that SSID broadcasting is turned on. Who among the following will have access to a wireless network's SSID?

Anyone in the organization

Taylor, a black-hat hacker, makes use of a program called slowhttptest to send requests asking for overlapping ranges of bytes. Which of the following attacks is he performing?

Apache Killer

What could you use to inform a defensive strategy?

Attack life cycle

Which social engineering principle may allow a phone call from the help desk to be effective?

Authority

What type of attack would you be using by putting malware onto USB sticks that were given out at a security conference?

Baiting

Granting access to a system based on a factor such as an individual's retina during a scan is an example of what type of authentication method?

Biometrics

Pete, a security engineer, grants access to network resources based on authenticating an individual's fingerprint during a scan. Which security method does he use in determining identity?

Biometrics

What Bluetooth attack would allow you to make a call after gaining access to a device for surveillance?

Bluebugging

What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?

Captive portal

Which protocol is commonly used for amplification attacks?

DNS

Taylor, a penetration tester, requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities. Which of the following will she use in the given scenario?

Defense-in-depth

Which term defines the condition when an adversary purposely crashes a server?

Denial of service

What is the four-stage handshake used for?

Deriving keys

How would someone keep a baiting attack from being successful?

Disable autorun.

Juan, a security analyst, founds a rogue access point that pretends to be a legitimate network. Which of the following is responsible for this?

Evil twin

Taylor, a security analyst, wants to perform a scan that measures a person's external features through a digital video camera. Which of the following scans will she use?

Facial recognition

What statistic are you more likely to be concerned about when thinking about implementing biometrics?

False acceptance rate

What security element would be a crucial part of a defense in depth network design?

Firewall

What is the purpose of a deauthentication attack?

Forcing stations to reauthenticate

What is the SSID used for?

Identifying a network

What is the purpose of performing a Bluetooth scan?

Identifying endpoints

What social engineering vector would you use if you wanted to gain access to a building?

Impersonation

Which social engineering technique can allow you to gain physical access to a system?

Impersonation

As a black hat hacker, you identify a WAP at the mall that you're going to exploit. You discover that the WAP is using WEP. Which method will you utilize to exploit the WAP?

Initialization vector

What part of the encryption process was weak in WEP?

Initialization vector

Which form of biometrics scans a pattern in the area of the eye around the pupil?

Iris scanning

What wireless attack would you use to take a known piece of information in order to be able to decrypt wireless traffic?

Key reinstallation

What is a viable approach to protecting against tailgating?

Man trap

Which of the following is both a security issue for an organization and a privacy issue for a BYOD user?

Mixing personal and corporate data

What mode needs to be enabled to get all headers from wireless network communications?

Monitor

What would the result of a high false failure rate be?

People having to call security

What types of authentications are allowed in a WPA-encrypted network?

Personal and enterprise

The use of a script to perform a social engineering attack is called what?

Pretexting

You get a phone call from someone telling you they are from IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately. What tactic is the caller using?

Pretexting

Your company gives you a free simulator for LINUX. Later, you feel like you should buy the simulator in response. What social engineering principle gets you to buy the simulator because you feel obligated to respond to the company's favor?

Reciprocity

Which of the following types of scanning is used on the eye to measure the layer of blood vessels?

Retinal

Which of the following is a social engineering tool that can be used to send a spear phishing email?

SET

What element could be used to facilitate log collection, aggregation, and correlation?

SIEM

What information must be known for a wireless client to connect to an access point to gain access or be challenged with authentication?

SSID

Laura, a security analyst, observes that the company's web logs are showing a lot of very small HTTP read requests. Which of the following attacks is responsible for this?

Slowloris

Marry, a project manager, receives a call from her bank. She was informed that someone has tried to access her checking account and she needs to confirm her account number and password to discuss further details. She gives her account number and password. Which of the following attacks has occurred in the given scenario?

Social engineering

Which of the following relies heavily on human interaction and often involves tricking people into breaking normal security procedures?

Social engineering

Brett received a fake email asking to donate money to a charity group that operates in Nigeria. The email instructs him to provide his bank account information that will be used to deduct two dollars from his account every month for the charity. What may be the issue here?

Spear phishing

John, a security analyst, is probing a DNS server and discovers that it is configured as an open server. Which of the following risks is associated with this configuration?

The server may be used in an amplification attack.

You have received the text message on your mobile phone that says, "Hello, this is Malta from the Yahoo Bank. Kindly contact me for a vital transaction on [email protected]". Which of the following statements is true regarding the text message?

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

Mark, a security manager, categorizes an information system and determines that the loss of integrity of a specific information type would impact business significantly. Based on this, he recommends the implementation of several solutions. Which of the following, when combined, would mitigate this risk?

Validation

Which of the following is defined as an act of using VoIP for phishing, which involves using social engineering over the telephone system to obtain private information from an individual?

Vishing

Which protocol is used to create a secure environment in a wireless network?

WPA

Juan, a security analyst, observes an attack that occurs from code on the web server accepting data coming from the client without doing any data validation. Which of the following is responsible for the given scenario?

XML entity injection

What is an advantage of a phone call over a phishing email?

You are able to go into more detail with pretexting.


Kaugnay na mga set ng pag-aaral

Cell Structure Exam 1 Study Guide

View Set

Chapter 32, Chapter 28, Chapter 31, Business Law Chapter 34

View Set

01_04_Modal Verbs_Translate the words in brackets

View Set